package auth

import (
	"net/http"

	"gitee.com/micro-plat/sas/sas/modules/auth/conf"
	"gitee.com/micro-plat/sas/sas/modules/const/enum"
	"gitee.com/micro-plat/sas/sas/modules/sign"
	"github.com/micro-plat/lib4go/errs"
)

//SingleAuth 单一认证
func (a *Auth) SingleAuth(input map[string]interface{}, conf *conf.AuthConfig, type1 string) error {

	//检查参数及配置
	euid, signName, _, err := a.check(input, conf, type1, "", enum.Single)
	if err != nil {
		return err
	}

	//获取密钥
	secret, rsaSignType, _, _, err := a.getSecret(type1, "", euid, "", enum.Single)
	if err != nil {
		return err
	}

	//校验签名
	b, err := sign.Verify(input, secret, signName, type1, rsaSignType, conf)
	if err != nil || !b {
		return errs.NewErrorf(http.StatusForbidden, "签名认证未通过 %+v", err)
	}

	return nil
}
